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DETAILED ACTION 

This responds to Applicant's Arguments/Remarl<s filed 08/08/2007. Claims 1, 4, 
10, 14, 16-23, 24, 27, and 29 have been amended. Claims 13 and 44-50 have been 
cancelled, and Claims 51-65 have been newly added. As a result. Claims 1-12, 14-43, 
and 51-65 are now pending in this application. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

3. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
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under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

4. Claims 1 - 12, 14-17, and 19-50 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent Pub. No. 2001/0044339 to Cordero et al. (Cordero) in 
view of U.S. Patent Pub. No. 2006/0059253 to Goodman et al. (Goodman). 

In Reference to Claims 1 , 4, 10, 12, 14, 17, 23-24, 27, and 29 
Cordero discloses a gaming apparatus operatively connectable through a 
communication network to a gaming system server including at least one gaming 
terminal, operable to execute game software (para. 0007; where multiplayer game play 
is provided over a network), a secure communication apparatus, communicatively 
coupled to the gaming terminal and server, and operable to provide network access 
control for gaming information exchanged between the gaming terminal and server, and 
a communication network (para. 0012), an access control apparatus, communicatively 
coupled to the gaming terminal and server, and operable to prevent unauthorized 
access or malicious code access to gaming information within the gaming terminal or 
server (para. 0055; where players are granted or denied access based on player 
identification), and at least one integrity apparatus, communicatively coupled to the 
gaming terminal, and operable to ensure integrity of the gaming information within the 
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gaming terminal and server (para. 0037; where a backup server is available to ensure 
the integrity of game system data). 

However, Cordero is silent on a system whereby the integrity apparatus 
operable to at least detect deviations, outside of a pre-selected boundary, in an existing 
state of the gaming information from a baseline state of the gaming information within 
the gaming terminal, and to report the detected deviations for acceptance and 
associated update of the baseline state or for remedial action to return the gaming 
information to the baseline state. 

Goodman teaches of netcentric computing systems (Title) whereby data is 
measured against a baseline for unauthorized changes and to query and report on 
network changes ("Data gathered by the network/systems management tools 804 can 
provide a baseline to measure against unauthorized changes. In this case, the query 
design of the change control components 914 should include the ability to perform ad- 
hoc or pre-determined queries, which can report on specific network management 
changes. Data gathered by network/systems management tools 804 (UNIX, VMS, 
MVS, etc.) can be utilized to monitor systems once a change has taken place. In this 
case, errors or system degradation in a change can be detected. A design 
consideration for the change control components 914 in this area would be to develop 
an interface with the systems management tools in which system performance 
degradation can be tracked and reported." para. 804; for acceptance and for remedial 
action are statements of intended use which the system of Goodman is capable of 
performing) in order to "provide a combination of tools, support services, procedures 
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and controls that are required to keep a production system up and running well." (para. 
708). 

In Reference to Claims 2. 5. 1 1 . 15. 25. 28 

Cordero discloses a gaming apparatus wherein the secure communication 
apparatus is operable to exchange gaming information and prevent unauthorized 
access to game information that is selected from a group of information types, using an 
integrity apparatus, that includes the game software, game configuration data, game 
play data, game performance data, server- determined game outcomes, gaming device 
operations software, maintenance information, security data, player data, marketing 
data, operations data, accounting data, electronic fund transfer data, and wagering 
account transfer data (para. 0055; where players are granted or denied access to game 
software services based on player identification). 

In Reference to Claims 3 and 26 

Cordero discloses a gaming apparatus including at least one user interface 
selected from a group of user interfaces that includes a control panel, buttons, a coin 
acceptor, a note acceptor, one or more electro-mechanical reels, a keypad, one or more 
speakers, a card reader, a card reader display, a video display, a keyboard, a graphical 
interface unit display, a monitor, a printer, a modem, a tape drive, a digital Video disk 
drive, and a compact disk drive, (para. 0009; where multiple types of client systems. 
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such as personal computers, games console systems, or personal digital assistants, 
each incorporating one or more of the above features may be used). 

In Reference to Claims 6-7 and 30-33 

Cordero discloses a gaming apparatus wherein the secure communication 
apparatus is further operable to execute virtual private network application software and 
implement a virtual private network tunneling protocol (para. 0037) and includes a public 
network (para. 0010; where a virtual private network may be used over a public 
network, such as the Internet). 

In Reference to Claims 8-9 and 16 

Cordero discloses a gaming apparatus wherein the secure communication 
apparatus includes one or more firewalls and execute a cryptographic method to ensure 
integrity of the gaming information and implement an authentication protocol to prevent 
unauthorized access to an encryption key (para: 0035; where protected systems use 
firewalls and security encryption algorithms to restrict access and defeat unauthorized 
access). 

In Reference to Claims 19-22 

Cordero discloses a gaming apparatus wherein the first integrity apparatus is 
further operable monitor gaming information for deviations from one or more expected 
baselines, detect vulnerabilities in the gaming terminal, alter operations of the gaming 
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terminal in response to detection of corrupt data or failure of the gaming terminal (para. 
0073; where a number of system failures and breakdowns are accommodated by a 
system). 

In Reference to Claims 34 and 41 

Cordero discloses a gaming system wherein the cryptographic protocol is 
selected from a group that includes a message authentication code protocol, a one-way 
hash protocol, a public-key cryptography protocol, a digital signature protocol, a 
symmetric encryption protocol, and a random number generator protocol (para. 0052; 
where message identification is used to verify identity). 

In Reference to Claims 35-36 

Cordero discloses a gaming system wherein the firewall includes a 
programmable network processor and an adaptive computing C integrated circuit (para. 
0035; where a firewall work s with a protected computer, which may be a highly 
developed adaptive computing integrated circuit system). 

In Reference to Claims 37-38 

Cordero discloses a gaming system wherein each of the first access control 
apparatus and the second access control apparatus include at least one access control 
element, wherein the at least one access control element is selected from a group that 
includes a person authentication protocol, a software authentication protocol, a person 
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authorization protocol, and an administration method (para. 0055; where a person 
identified and authenticated). 

In Reference to Claims 39-40 

Cordero discloses a gaming system wherein the person authentication protocol is 
selected from a group that includes a username authentication protocol, a password 
authentication protocol, a biometric authentication protocol, and an access token 
authentication protocol (para. 0055; where a person identified and authenticated via an 
ID access token). 

In Reference to Claims 42-43 

Cordero discloses a gaming system wherein each of the first integrity apparatus 
and the second integrity apparatus include at least one integrity element, wherein the at 
least one integrity element is selected from a group that includes an antivirus software, 
an antivirus scanner, an intrusion detection system, a data integrity system, an incident 
response protocol, a security management protocol, a vulnerability assessment 
protocol, and an authentication protocol (para. 0035; where each server is protected by 
an integrity apparatus including a security management firewall). 

5. Claims 18 and 51-65 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent Pub. No. 2001/0044339 to Cordero et al. (Cordero) and U.S. Patent 
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Pub. No. 2006/0059253 to Goodman et al. (Goodman) further in view of U.S. Patent No. 
6,468,155 of Zucker et al. (Zucker). 

Cordero as modified by Goodman discloses a system substantially equivalent to 
Applicant's claimed invention wherein a gaming apparatus with a first integrity apparatus 
(para. 0037; where a backup server is available to ensure the integrity of game system 
data). However, Cordero as modified by Goodman fails to disclose wherein the integrity 
apparatus is further operable to determine whether the detected deviations are valid, 
wherein if the integrity apparatus determines that the detected deviations are valid, the 
integrity apparatus is operable to report the detected deviations for acceptance and 
associated update of the baseline state, and wherein if the integrity apparatus 
determines that the detected deviations are not valid, the integrity apparatus is operable 
to report the detected deviations for remedial action to return the gaming information to 
the baseline state; wherein the integrity apparatus includes one or more vulnerability 
assessment scanners operable to check settings of the gaming terminal and to 
determine whether the settings are consistent with a pre-selected gaming security 
policy; and wherein the integrity apparatus includes one or more vulnerability 
assessment scanners operable to simulate behavior of an attacker to identify 
vulnerabilities in the gaming terminal. 

Zucker teaches a security system which is further operable to detect intrusive 
network packets received by the gaming terminal (col. 7 lins. 4-9 "The game controller 
1 100 may incorporate various elements to make sure that the game system 102 is safe 
and secure for both the game provider and players. For example, network and systems 
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security may be provided via: a dual fire-wall to create layered security; intrusion 
detection software; and strict access control on all servers."); wherein a determination of 
whether detected variations are valid or invalid and wherein the integrity apparatus 
includes one or more vulnerability assessment scanners operable to check settings of 
the gaming terminal and to determine whether the settings are consistent with a pre- 
selected gaming security policy; and wherein the integrity apparatus includes one or 
more vulnerability assessment scanners operable to simulate behavior of an attacker to 
identify vulnerabilities in the gaming terminal (col. 9 lins 30-36 "The game design is then 
evaluated at 620. And game design may be evaluated, for example, by a number of 
expert game designers who estimate a level of skill required to play the game. The 
game design may also be evaluated to determine a susceptibility of the game to the use 
of automated game playing devices 260"; also, "The release of the game may also be 
evaluated, for example, with respect to risk management. That Is, the game provider 
may carefully monitor players' prize awards and the winning frequency to Identify 
suspicious player performance or an overly generous prize payout. Automatic triggers 
(a.k.a. vulnerability assessment scanners) may notify the game provider of risky results, 
and may even temporarily lock out a player or shut down a game until the game 
provider can Investigate. By way of example only, players may be prevented from 
winning a top prize (e.g. one million dollars) more than once" and Game design and 
modification methods cols. 13-15) in order to provide notifications of unauthorized 
access and increase security of a gaming system. 
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It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to employ the secure electronic gaming system as taught by 
Zucker into the teachings of Cordero as modified by Goodman in order to provide 
notifications of unauthorized access and increase security of a gaming system. 

Response to Arguments 

6. Applicant's arguments with respect to Claims 1-12, 14-43, and 51-65 have been 
considered but are moot in view of the new ground(s) of rejection. The combination of 
Goodman and Zucker render obvious the claim amendments relative to the integrity 
apparatus and management of detected deviations from a baseline for compliance to 
security policy or system vulnerability. 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure is provided in the Notice of References Cited. 

8. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

9. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

1 0. Any Inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paul A. D'Agostino whose telephone number is 
(571)270-1992. The examiner can be reached on Monday - Friday, 7:30 a.m. - 5:00 
p.m.. 

11. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John M. Hotaling, II can be reached on (571 ) 272-4437. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

12. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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